Update poppassd pacakge to 4.0.5nb2.

- Catch child process exit.
- Add "-o" option which provides compatibility with older poppassd,
  returning authentication error after "PASS" command not "NEWPASS"
  for some broken clients.

4 files changed, 223 insertions, 39 deletions

diff --git a/mail/poppassd/Makefile b/mail/poppassd/Makefile
index 31939bac492..95ed7f2797c 100644
--- a/mail/poppassd/Makefile
+++ b/mail/poppassd/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2003/04/29 14:22:45 taca Exp $
+# $NetBSD: Makefile,v 1.10 2004/01/29 15:45:00 taca Exp $
 #
 
 DISTNAME=		qpopper${VERSION}
 PKGNAME=		poppassd-${VERSION}
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		mail
 MASTER_SITES=		ftp://ftp.qualcomm.com/eudora/servers/unix/popper/
 
diff --git a/mail/poppassd/distinfo b/mail/poppassd/distinfo
index eacbf6f0a49..b0420846ce8 100644
--- a/mail/poppassd/distinfo
+++ b/mail/poppassd/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.6 2003/04/29 14:22:45 taca Exp $
+$NetBSD: distinfo,v 1.7 2004/01/29 15:45:00 taca Exp $
 
 SHA1 (qpopper4.0.5.tar.gz) = 726d40da2210bf4b82541a28971986e6a3d9e1a5
 Size (qpopper4.0.5.tar.gz) = 2281284 bytes
 SHA1 (qpopper-4.0.5-ipv6-20030313.diff.gz) = 31858d41e1dab90019152d957a7ea3d69fe085b0
 Size (qpopper-4.0.5-ipv6-20030313.diff.gz) = 60773 bytes
-SHA1 (patch-aa) = 3dfad411477bae676ec4ea3dadf1d47d53ce1383
+SHA1 (patch-aa) = 0dd1bdc832d00bd640e7003afea28f0d90c2f975
 SHA1 (patch-ab) = 713698d5834b569a0ee08088567a71e218d50550
-SHA1 (patch-ac) = b4edaa15f478914a2d2c273871915d53e498ff7c
+SHA1 (patch-ac) = 231c8fda89dc14476fec5a8a7c1877a7c52f7618
diff --git a/mail/poppassd/patches/patch-aa b/mail/poppassd/patches/patch-aa
index 32b5e769483..13c33bf923e 100644
--- a/mail/poppassd/patches/patch-aa
+++ b/mail/poppassd/patches/patch-aa
@@ -1,8 +1,15 @@
-$NetBSD: patch-aa,v 1.1.1.1 2001/06/10 15:15:06 taca Exp $
+$NetBSD: patch-aa,v 1.2 2004/01/29 15:45:00 taca Exp $
 
---- man/poppassd.8.orig	Wed Apr  4 09:23:13 2001
+--- man/poppassd.8.orig	2001-03-21 08:43:24.000000000 +0900
 +++ man/poppassd.8
-@@ -12,27 +12,28 @@
+@@ -6,33 +6,36 @@
+ .\" See License.txt file for terms and conditions for modification and
+ .\" redistribution.
+ .\"
+-.TH POPAUTH 8
++.TH POPPASSD 8
+ .SH NAME
+ poppassd \-\- password-changing daemon
  .SH SYNOPSIS
  .B poppassd
  [
@@ -11,6 +18,8 @@ $NetBSD: patch-aa,v 1.1.1.1 2001/06/10 15:15:06 taca Exp $
  ] [
  .B \-d
  ] [
++.B \-o
++] [
  .BI \-l " tls-usage"
  ]
 +] [
@@ -36,7 +45,7 @@ $NetBSD: patch-aa,v 1.1.1.1 2001/06/10 15:15:06 taca Exp $
  ] [
  .B \-v
  ]
-@@ -58,7 +59,7 @@
+@@ -58,7 +61,7 @@ programs.
  .PP
  .SH OPTIONS
  .TP
@@ -45,21 +54,36 @@ $NetBSD: patch-aa,v 1.1.1.1 2001/06/10 15:15:06 taca Exp $
  Prints a summary of options and exits.
  .TP
  .B \-d
-@@ -83,26 +84,36 @@
+@@ -69,6 +72,14 @@ the default log facility is
+ but can be changed using the
+ .I \-y option.
+ .TP
++.B \-o
++Report authentication error after "PASS" command.  
++Without this option, authentication error would report 
++after "NEWPASS" command.
++This is compatible behavior as old
++.I  poppass
++daemon.
++.TP
+ .B \-l " tls-usage"
+ Sets TLS/SSL handling.  Must have compiled with OpenSSL or SSL Plus.
+ 
+@@ -83,27 +94,37 @@ client to attempt TLS/SSL negotiation af
  Causes Qpopper to attempt TLS negotiation when a client first connects.
  This is for alternate-port support.
  .TP
 -.B \-p " [ " passwd-path " ]"
 +.B \-P
++Instructs
++.I poppassd
++to change the system password (which is the default).
++.TP
++.B \-p passwd-path
  Instructs
  .I poppassd
 -to change the system password (which is the default) and optionally
 -specifies the path to the executable to use.  The default is /usr/bin/passwd.
-+to change the system password (which is the default).
-+.TP
-+.B \-p passwd-path
-+Instructs
-+.I poppassd
 +to change the system password (which is the default) and specifies 
 +the path to the executable to use.  The default is /usr/bin/passwd.
  .TP
@@ -80,12 +104,13 @@ $NetBSD: patch-aa,v 1.1.1.1 2001/06/10 15:15:06 taca Exp $
 -.I \-p
 +.I \-P
  option.
-+.TP
+ .TP
 +.B \-s smbpasswd-path
 +Instructs
 +.I poppassd
 +to change the smb password and specifies the path to the executable 
 +to use.  The default is /usr/bin/smbpasswd.
- .TP
++.TP
  .BI \-t " tracefile"
  Turns on debug tracing, and causes all trace and log output to be
+ written to the file specified as
diff --git a/mail/poppassd/patches/patch-ac b/mail/poppassd/patches/patch-ac
index 1a88230aca4..3760025fc9c 100644
--- a/mail/poppassd/patches/patch-ac
+++ b/mail/poppassd/patches/patch-ac
@@ -1,6 +1,6 @@
-$NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
+$NetBSD: patch-ac,v 1.4 2004/01/29 15:45:00 taca Exp $
 
---- password/poppassd.c.orig	Tue Jul 16 15:20:21 2002
+--- password/poppassd.c.orig	2004-01-26 17:14:25.000000000 +0900
 +++ password/poppassd.c
 @@ -167,8 +167,13 @@
  /* LANMAN allows up to 14 char passwords (truncates if longer), but tacacs
@@ -16,6 +16,15 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
  
  #include "config.h"
  
+@@ -273,7 +278,7 @@ void    get_client_info ( POP *p, BOOL n
+ char   *sock_ntop ( struct sockaddr *p, int salen );
+ int     sock_port ( struct sockaddr *p, int salen );
+ char   *debug_str ( char *p, int inLen, int order );
+-
++void	reapchild (int);
+ 
+ /*
+  * External prototypes
 @@ -294,6 +299,7 @@ pop_result auth_user ( POP *p, char *pas
  
  static char *P1[] =
@@ -32,7 +41,16 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
       ""
     };
  
-@@ -346,14 +353,13 @@ char          *smb_binary           = SM
+@@ -337,6 +344,8 @@ char           msg_buf [ 2048 ]     = ""
+ char          *pwd_binary           = PASSWD_BINARY;
+ char          *smb_binary           = SMBPASSWD_BINARY;
+ 
++int child_pid = 0;
++int child_status = -1;
+ 
+ /*
+  * Be careful using TRACE in an 'if' statement!
+@@ -346,18 +355,19 @@ char          *smb_binary           = SM
  #define RUN_PASSWD 1
  #define RUN_SMBPASSWD 2
  
@@ -44,11 +62,17 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
      char           newpass [BUFSIZE]   = "";
      int            nopt                = -1;
 -    static char    options []          = "dl:p:Rs:t:vy:?";
-+    static char    options []          = "dhl:Pp:RSs:t:vy:";
++    static char    options []          = "dhl:oPp:RSs:t:vy:";
      int            mode                = 0;
      char          *ptr                 = NULL;
      POP            p;
-@@ -375,8 +381,6 @@ int main ( int argc, char *argv[] )
+     BOOL           no_rev_lookup       = FALSE;
++    int		   compat_mode	       = 0;
++    BOOL	   bad_user	       = FALSE;
+ 
+ #ifdef HAS_SHADOW
+     struct spwd *spwd;
+@@ -375,8 +385,6 @@ int main ( int argc, char *argv[] )
              pname = ptr + 1;
      }
  
@@ -57,7 +81,7 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
      /*
       * Set up some stuff in -p- so we can call Qpopper routines
       */
-@@ -384,6 +388,17 @@ int main ( int argc, char *argv[] )
+@@ -384,6 +392,17 @@ int main ( int argc, char *argv[] )
      p.AuthType            = noauth;
      p.myname              = pname;
  
@@ -75,7 +99,7 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
      /*
       * Handle command-line options
       */
-@@ -392,9 +407,9 @@ int main ( int argc, char *argv[] )
+@@ -392,9 +411,9 @@ int main ( int argc, char *argv[] )
      {
          switch (nopt)
          {
@@ -88,7 +112,7 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
                                    "[-t trace-file] [-v] [-y log-facility]\n",
                            pname );
                  exit (1);
-@@ -411,20 +426,34 @@ int main ( int argc, char *argv[] )
+@@ -411,20 +430,34 @@ int main ( int argc, char *argv[] )
                  verbose = TRUE;
                  break;
  
@@ -125,24 +149,146 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
                  break;
  
             case 't':
-@@ -671,6 +700,7 @@ void runchild ( char *userid, char *oldp
-                      emess[0] ? emess : "Unable to change password");
-       exit(1);
+@@ -475,6 +508,10 @@ int main ( int argc, char *argv[] )
+                         "Avoiding reverse lookups (-R)" );
+                 break;
+ 
++	    case 'o':		/* compatibility mode */
++		compat_mode = 1;
++		break;
++
+             case 'y': /* log facility */
+                 if ( optarg == NULL || *optarg == '\0' ) {
+                     err_msg ( HERE, "-y value expected" );
+@@ -562,44 +599,50 @@ int main ( int argc, char *argv[] )
+         return 1;
+     }
+ 
+-    WriteToClient ( "200 your new password please." );
+-    ReadFromClient ( line );
+-    sscanf ( line, "newpass %s", newpass );
+-     
+-    /* new pass required */
+-    if ( strlen (newpass) == 0 )
+-    {
+-        WriteToClient ("500 New password required.");
+-        return 1;
+-    }
+-
+     pw = getpwnam ( userid );
+     if ( pw == NULL )
+     {
+-        WriteToClient ( "500 Invalid user or password" );
+-        return 1;
+-    }
++	bad_user = TRUE;
++    } else {
+ 
+ #ifdef HAS_SHADOW
+-    if ((spwd = getspnam(userid)) == NULL)
+-          pw->pw_passwd = "";
+-    else
+-          pw->pw_passwd = spwd->sp_pwdp;
++	if ((spwd = getspnam(userid)) == NULL)
++	    pw->pw_passwd = "";
++	else
++	    pw->pw_passwd = spwd->sp_pwdp;
+ #endif
+ 
++	if ( chkPass ( userid, oldpass, pw, &p ) == FAILURE )
++	{
++	    syslog ( LOG_ERR, "password failure for %s", userid );
++	    bad_user = TRUE;
++	}
++
++	if ( pw->pw_uid <= BLOCK_UID )
++	{
++	    syslog( LOG_ERR, "someone tried to change %s's password", userid );
++	    bad_user = TRUE;
++	}
++    }
++    if (compat_mode && bad_user) {
++	sleep(1);		/* XXX */
++	WriteToClient ( "500 Invalid user or password" );
++	return 1;
++    }
+ 
+-    if ( chkPass ( userid, oldpass, pw, &p ) == FAILURE )
+-    {
+-        syslog ( LOG_ERR, "password failure for %s", userid );
+-        WriteToClient ( "500 Invalid user or password" );
+-        return 1;
++    WriteToClient ( "200 your new password please." );
++    ReadFromClient ( line );
++    sscanf ( line, "newpass %s", newpass );
++     
++    if (bad_user) {
++	WriteToClient ( "500 Not a user account." );
++	return 1;
      }
-+    close ( master ); /* done with the pty */
  
+-    if ( pw->pw_uid <= BLOCK_UID )
+- 
++    /* new pass required */
++    if ( strlen (newpass) == 0 )
+     {
+-        syslog ( LOG_ERR, "someone tried to change %s's password", userid );
+-        WriteToClient ( "500 Not a user account." );
++        WriteToClient ("500 New password required.");
+         return 1;
+     }
+ 
+@@ -631,6 +674,20 @@ int main ( int argc, char *argv[] )
+     return 0;
+ }
+ 
++/* catch child */
++void
++reapchild(sig)
++	int sig;
++{
++    int status;
++    int pid;
++
++    while ((pid = wait3(&status, WNOHANG, NULL)) > 0) {
++	child_pid = pid;
++	child_status = status;
++    }
++}
++
+ 
+ /* Run a child process to do the password change */
+ 
+@@ -651,6 +708,8 @@ void runchild ( char *userid, char *oldp
+         exit ( 1 );
+     }
+ 
++  signal(SIGCHLD, reapchild);
++
+   /* fork child process to talk to password program */
+ 
+   pid = fork();
+@@ -675,10 +734,16 @@ void runchild ( char *userid, char *oldp
      wpid = waitpid ( pid, &wstat, 0 );
      if ( wpid < 0 )
-@@ -700,8 +730,6 @@ void runchild ( char *userid, char *oldp
-       WriteToClient ("500 Server error (abnormal exit), get help!");
-       exit(1);
+     {
+-      logit ( trace_file, LOG_ERR, HERE, "wait for child failed" );
+-      WriteToClient ("500 Server error (wait failed), get help!");
+-      exit(1);
++      if (child_pid > 0) {
++	wpid = child_pid;
++	wstat = child_status;
++      } else {
++	logit ( trace_file, LOG_ERR, HERE, "wait for child failed" );
++	WriteToClient ("500 Server error (wait failed), get help!");
++	exit(1);
++      }
      }
--
--    close ( master ); /* done with the pty */
-   }
-   else      /* Child */
-   {
-@@ -782,6 +810,11 @@ int dochild (int master, char *slavedev,
++    signal(SIGCHLD, SIG_DFL);
+ 
+     if ( pid != wpid )
+     {
+@@ -782,6 +847,11 @@ int dochild (int master, char *slavedev,
     chdir ("/");
     umask (0);
  
@@ -154,7 +300,7 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
  /*
   * Become the user and run passwd. Linux shadowed passwd doesn't need
   * to be run as root with the username passed on the command line.
-@@ -950,8 +983,12 @@ int match (char *str, char *pat)
+@@ -950,8 +1020,12 @@ int match (char *str, char *pat)
             strlen(pat), debug_str(pat, strlen(pat), 1) );
  
     while (*str && *pat) {
@@ -169,3 +315,16 @@ $NetBSD: patch-ac,v 1.3 2002/07/16 15:01:50 taca Exp $
  
       /* ignore multiple space sequences */
       if (*pat == ' ' && isspace (*str)) {
+@@ -1050,7 +1124,11 @@ int expect (int master, char **expected,
+         if ( m < 0 ) {
+            err_msg ( HERE, "read error from child" );
+            return FAILURE;
+-        }
++        } else if (m == 0) {
++	   TRACE ( trace_file, POP_DEBUG, HERE, "no data from child");
++	   return FAILURE;
++	}
++
+         buf [ n + m ] = '\0';
+ 
+         TRACE ( trace_file, POP_DEBUG, HERE, "...read: (%d) '%.128s'",